Privacy-Aware Service Integration
Pierre Parrend, Stéphane Frénot
Lab. CITI, 21 Avenue J. Capelle, 69621 Villeurbanne Cedex, France
Sebastian Höhn
Dept. of Telematics, University of Freiburg (Germany)
Context
● Pervasive Systems
  – Personalized Services Everywhere
  – Useful when combined together
● Data handling in Pervasive Systems
07/19/2007
Privacy-Aware Service Integration
2
A Framework for Privacy Aware Service Integration
● A vision of Pervasive Services
● Secure Architecture for Pervasive Service Provisioning
● Privacy Model
● System Requirements
A Vision of Pervasive Services
● Use Case I: Intelligent supermarket
  (figure; labels: Sensor data, Client, Database, Video data, RFID data)
A Vision of Pervasive Services
● Use Case II: On-board Desktop
  (figure; labels: GPS, WiFi, Secure Connection, GPRS, Remote Desktop, Prolifix Telematics Box (Oracle MicroEdge Server on Windows CE))
A Vision of Pervasive Services
● Use Case III: Smart Home
  (figure; labels: Gateway operator, Service providers, Last mile internet, Home Equipments, Home Gateway management, Data handlers, Home Network)
A Vision of Pervasive Services
● Architectural Overview
  (figure)
A Vision of Pervasive Services
● Requirements for Privacy Aware Pervasive Services
  – No external Data Misuse – Secure Architecture
  – No internal Data Misuse – Privacy-friendly Services
Summary
● A vision of Pervasive Services
● Secure Architecture for Pervasive Service Provisioning
● Privacy Model
● System Requirements
Secure Architecture for Pervasive Service Provisioning
● Architectural Overview
  (figure; labels: Sign Bundles with JarSigner; Bundle, Privacy Metadata, Bundle Signature, Unsecure Com. Channel; Signer's Private Key; Service, Privacy Metadata, Secure Com. Channel; Signer's Public Key Certificate; Certificate Database (security+privacy))
Secure Architecture for Pervasive Service Provisioning
● Discovery Protocol for Bundles
  (figure)
Secure Architecture for Pervasive Service Provisioning
● Discovery Protocol for Services
  (figure)
Secure Architecture for Pervasive Service Provisioning
● Security Analysis
  – Bundle Deployment
    ● Bundle Digital Signature
    ● Integrity, Authentication of the Publisher
    ● No confidentiality
    ● Client Side Control
  – Service Use
    ● Secure Communication Channel, such as SSH
    ● Integrity, Authentication and Confidentiality must be checked at the server side AND at the client side
Summary
● A vision of Pervasive Services
● Secure Architecture for Pervasive Service Provisioning
● Privacy Model
● System Requirements
Privacy Model
● Formal Foundations
  − Missing Semantics
    ● Attributes and associations to individuals
    ● The context in which they are processed and evaluated
  − Requirements (for practical applicability)
    ● Handling of non-static spreading of information
    ● Distributed modeling
    ● Information gathering through data-mining
Privacy Model
● Formal Foundations
  – Users Id – the users
  – Actions Acti – the services
  – Attributes A – the data that is gathered about a user by a service
  – Production Rules: to identify data mining risks
    ● Rp ∈ Set(A_available) × Set(A_deduced)
Privacy Model
● Building blocks for implementation
  − Services and actions
  − Users
  − Data Attributes
  − Administrative Domains
● Definition of Privacy-Aware Partial Policy
  − Well-defined set of actions
  − Data attributes
  − Administrative Domains and their trust-level
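The two slides above define the privacy model (users, actions, attributes, production rules Rp ∈ Set(A_available) × Set(A_deduced)) and the building blocks of a partial policy (actions, attributes, administrative domains with a trust level). The following Python block is an added illustration, not code from the authors or from any OSGi project: it computes the closure of attributes a service could deduce by forward-chaining the production rules, then evaluates a partial policy against a service. The attribute names, trust scale, rules and the two sample services are constructed for the example and loosely follow the intelligent-supermarket use case.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Set, Tuple

# A production rule Rp pairs the attributes a service already holds (A_available)
# with the attributes it can then deduce (A_deduced), as on the slides.
ProductionRule = Tuple[FrozenSet[str], FrozenSet[str]]


def deducible_attributes(available: Set[str], rules: List[ProductionRule]) -> FrozenSet[str]:
    """Forward-chaining closure: apply every rule whose premises are satisfied
    until nothing new appears. The result is everything the service could
    learn from its available attributes by data mining."""
    known = set(available)
    changed = True
    while changed:
        changed = False
        for premises, conclusions in rules:
            if premises <= known and not conclusions <= known:
                known |= conclusions
                changed = True
    return frozenset(known)


@dataclass(frozen=True)
class AdministrativeDomain:
    name: str
    trust_level: int  # constructed scale: 0 (untrusted) .. 3 (fully trusted)


@dataclass(frozen=True)
class Service:
    name: str
    domain: str                            # administrative domain that runs it
    actions: FrozenSet[str]                # Acti: actions it performs
    requested_attributes: FrozenSet[str]   # A: data it asks for about a user


@dataclass
class PartialPolicy:
    """Privacy-aware partial policy: allowed actions, minimum domain trust per
    attribute, the known domains and the production rules (constructed model)."""
    allowed_actions: FrozenSet[str]
    attribute_min_trust: Dict[str, int]
    domains: Dict[str, AdministrativeDomain]
    rules: List[ProductionRule]

    def evaluate(self, service: Service) -> Tuple[bool, List[str]]:
        """Return (accepted, findings). A service is rejected when it performs an
        action outside the policy, or when any attribute it requests OR could
        deduce requires more trust than its administrative domain has."""
        findings: List[str] = []
        for action in sorted(service.actions - self.allowed_actions):
            findings.append(f"action '{action}' is not in the policy")
        domain = self.domains.get(service.domain)
        if domain is None:
            findings.append(f"unknown administrative domain '{service.domain}'")
            return False, findings
        closure = deducible_attributes(service.requested_attributes, self.rules)
        for attr in sorted(closure):
            needed = self.attribute_min_trust.get(attr)
            if needed is None:
                findings.append(f"attribute '{attr}' is not covered by the policy")
            elif domain.trust_level < needed:
                how = "requested" if attr in service.requested_attributes else "deducible"
                findings.append(f"{how} attribute '{attr}' needs trust {needed}, "
                                f"domain '{domain.name}' has {domain.trust_level}")
        return not findings, findings


# Constructed sample data (supermarket flavour); not from the slides.
RULES: List[ProductionRule] = [
    (frozenset({"rfid_tag_ids"}), frozenset({"owned_products"})),
    (frozenset({"owned_products", "purchase_history"}), frozenset({"consumption_profile"})),
    (frozenset({"consumption_profile", "visit_times"}), frozenset({"daily_routine"})),
]

POLICY = PartialPolicy(
    allowed_actions=frozenset({"scan_items", "bill", "recommend"}),
    attribute_min_trust={"rfid_tag_ids": 1, "purchase_history": 1, "visit_times": 1,
                         "owned_products": 1, "consumption_profile": 2, "daily_routine": 3},
    domains={"store": AdministrativeDomain("store", trust_level=2),
             "ad_network": AdministrativeDomain("ad_network", trust_level=1)},
    rules=RULES,
)

# The checkout only holds what it needs; the ad service could mine a daily routine.
CHECKOUT_SERVICE = Service("checkout", "store", frozenset({"scan_items", "bill"}),
                           frozenset({"rfid_tag_ids", "purchase_history"}))
AD_SERVICE = Service("targeted-ads", "ad_network", frozenset({"recommend"}),
                     frozenset({"rfid_tag_ids", "purchase_history", "visit_times"}))

if __name__ == "__main__":
    for svc in (CHECKOUT_SERVICE, AD_SERVICE):
        accepted, findings = POLICY.evaluate(svc)
        print(svc.name, "accepted" if accepted else "rejected", findings)
```

The point of evaluating the closure rather than only the requested attributes is the data-mining risk the slides name: the ad service asks for nothing that individually exceeds its trust level, yet the rules let it derive a consumption profile and a daily routine, which the policy reserves for more trusted domains.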
Summary
● A vision of Pervasive Services
● Secure Architecture for Pervasive Service Provisioning
● Privacy Model
● System Requirements
System Requirements
● Remote Service Implementation
  − Openness and Transparency
    ● Users can observe the fulfilment of privacy policies
    ● Technically unaware people can rely on others, as in the Open-Source approach
  − Enforcement rather difficult (according to Hilty, 2005)
    ● Enforceable obligations
    ● Observable obligations
    ● Other obligations
  − Human actions are required
    ● Service certification – before release
    ● Service audit – during runtime, and in case of court trial
System Requirements
● User Platform
  – 3-step control: validation during installation, monitoring, and logging
  – Sandboxing: Java Permissions, Virtual OSGi for multiprovider support
System Requirements
● Isolation between Bundles for Privacy policy enforcement
  – Services are bound to a privacy profile
    ● which bundles are allowed to access it
    ● which bundles it is allowed to access
    ● specific rights (see services / use service)
  – Through OSGi Services only (no package-level access)
  – All Services provided by a given bundle must share the same privacy profile
  – OSGi Service Permission not sufficient
    ● Does not take the privacy meta-data into account
System Requirements
● Isolation between Bundles for Privacy policy enforcement
  – OSGi Context must be modified to allow access to authorized services only: definition of a 'RestrictedContext', which contains a policy-driven filter that cannot be modified by the bundles (better performance)
  – OR Service Conditional Permissions must be extended to take the privacy model into account (slight extension of the current specification)
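The two slides above require that services be bound to a privacy profile (which bundles may access it, which profiles it may access), that all services of one bundle share a profile, and that a 'RestrictedContext' apply a policy-driven filter the bundle cannot alter. The block below is an added Python model of that first option, not code from the authors and not an OSGi API: the registry, the RestrictedContext, the profile table and the smart-home bundles are all constructed for the example. It shows why the filter must check both directions of the profile relation and why the context, not the bundle, owns the policy.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class PrivacyProfile:
    """Privacy profile a service is bound to (constructed model of the slides)."""
    name: str
    accessible_by: FrozenSet[str]   # bundle symbolic names allowed to obtain it
    may_access: FrozenSet[str]      # profile names its own lookups may reach


@dataclass(frozen=True)
class Bundle:
    symbolic_name: str
    profile: str  # every service of this bundle shares this one profile


class MeterReading:
    """Constructed stand-in for a service object published by a sensor bundle."""
    def read(self) -> float:
        return 3.5  # constructed kWh value


class ServiceRegistry:
    """Framework-level registry: interface name -> (providing bundle, service)."""
    def __init__(self) -> None:
        self._services: Dict[str, Tuple[Bundle, object]] = {}

    def register(self, provider: Bundle, interface: str, service: object) -> None:
        self._services[interface] = (provider, service)

    def lookup(self, interface: str) -> Optional[Tuple[Bundle, object]]:
        return self._services.get(interface)


class RestrictedContext:
    """Per-bundle context handed out instead of the plain framework context.
    get_service() runs the policy-driven filter. The bundle holds only this
    object, never the registry or the profile table, so it has nothing to edit;
    in a real framework the framework itself would guarantee that."""
    def __init__(self, bundle: Bundle, registry: ServiceRegistry,
                 profiles: Dict[str, PrivacyProfile], audit_log: List[tuple]) -> None:
        self._bundle, self._registry = bundle, registry
        self._profiles, self._log = profiles, audit_log

    def get_service(self, interface: str) -> Optional[object]:
        entry = self._registry.lookup(interface)
        if entry is None:
            return None
        provider, service = entry
        caller = self._profiles[self._bundle.profile]
        target = self._profiles[provider.profile]
        # Both directions must agree: the caller's profile may reach the target
        # profile AND the target profile lists this bundle as an allowed client.
        allowed = (target.name in caller.may_access
                   and self._bundle.symbolic_name in target.accessible_by)
        self._log.append((self._bundle.symbolic_name, interface, provider.symbolic_name, allowed))
        return service if allowed else None


def run_demo() -> Tuple[List[tuple], Dict[str, Optional[object]]]:
    """Constructed smart-home scenario: a lighting bundle and a third-party
    advertiser bundle both ask the meter for the same service interface.
    Returns the audit log and the per-bundle lookup results."""
    profiles = {
        "sensor": PrivacyProfile("sensor", frozenset({"lighting"}), frozenset()),
        "home_control": PrivacyProfile("home_control", frozenset(), frozenset({"sensor"})),
        # The advertiser's profile claims it may read sensors, but no sensor
        # profile lists it as a client, so the filter must still refuse.
        "third_party": PrivacyProfile("third_party", frozenset(), frozenset({"sensor"})),
    }
    meter, lighting = Bundle("energy-meter", "sensor"), Bundle("lighting", "home_control")
    advertiser = Bundle("advertiser", "third_party")
    registry = ServiceRegistry()
    registry.register(meter, "org.example.MeterReading", MeterReading())  # constructed name

    log: List[tuple] = []
    results: Dict[str, Optional[object]] = {}
    for bundle in (lighting, advertiser):
        ctx = RestrictedContext(bundle, registry, profiles, log)
        results[bundle.symbolic_name] = ctx.get_service("org.example.MeterReading")
    return log, results


if __name__ == "__main__":
    for entry in run_demo()[0]:
        print(entry)
```

The audit log populated by every decision is what the slides' third control step (logging) needs: an auditor can see which bundle asked for which service and whether the profile filter granted it, without trusting the bundle's own reporting.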
Conclusions
● Contribution
  – Framework for privacy-aware service integration
    ● Privacy meta-data part of the bundle/service meta-data
    ● Privacy-aware service integration can be performed like other types of service integration
  – System requirements
● To be done
  – Integration of the model with the use cases
Questions ?